CLSA-2025-1765012494

Import Source

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2025-1765012494

Upstream

Published

2025-12-06T09:14:57Z

Modified

2026-06-01T00:31:30.658177190Z

Summary

gimp: Fix of 2 CVEs

Details

CVE-2025-10922: fix heap-based buffer overflow in DCM file parser by adding safety checks and proper GError handling to prevent potential RCE
CVE-2025-10934: fix heap-based buffer overflow in XWD file parser by validating colormap offsets to prevent potential RCE

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:2.99.8-3.el9.tuxcare.els8

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1765012494.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:2.99.8-3.el9.tuxcare.els8

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1765012494.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:2.99.8-3.el9.tuxcare.els8

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1765012494.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:2.99.8-3.el9.tuxcare.els8

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1765012494.json"